WSL CommandLine Support


I noticed while doing some Advanced Hunting in MDATP that there is some visibility into processes executed via WSL. But the ProcessCommandLine values are all blank; we can only see the process name.

Will CommandLine visibility for WSL processes be added in the future?

0 Replies